From: Bjorn Andersson <bjorn.andersson@linaro.org>
To: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Cc: gregkh@linuxfoundation.org, linux-arm-msm@vger.kernel.org,
linux-kernel@vger.kernel.org, arnd@arndb.de,
Dan Carpenter <dan.carpenter@oracle.com>
Subject: Re: [PATCH] misc: fastrpc: fix potential fastrpc_invoke_ctx leak
Date: Mon, 11 May 2020 18:18:10 -0700 [thread overview]
Message-ID: <20200512011810.GB57962@builder.lan> (raw)
In-Reply-To: <20200511162927.2843-1-srinivas.kandagatla@linaro.org>
On Mon 11 May 09:29 PDT 2020, Srinivas Kandagatla wrote:
> fastrpc_invoke_ctx can have refcount of 2 in error path where
> rpmsg_send() fails to send invoke message. decrement the refcount
> properly in the error path to fix this leak.
>
> This also fixes below static checker warning:
>
> drivers/misc/fastrpc.c:990 fastrpc_internal_invoke()
> warn: 'ctx->refcount.refcount.ref.counter' not decremented on lines: 990.
>
> Fixes: c68cfb718c8f ("misc: fastrpc: Add support for context")
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
> ---
> drivers/misc/fastrpc.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
> index 9065d3e71ff7..07065728e39f 100644
> --- a/drivers/misc/fastrpc.c
> +++ b/drivers/misc/fastrpc.c
> @@ -949,8 +949,10 @@ static int fastrpc_internal_invoke(struct fastrpc_user *fl, u32 kernel,
> dma_wmb();
> /* Send invoke buffer to remote dsp */
> err = fastrpc_invoke_send(fl->sctx, ctx, kernel, handle);
> - if (err)
> + if (err) {
> + fastrpc_context_put(ctx);
So we refcount ctx once for the invoke function and once between send
and callback. And this fastrpc_context_put() would counter the fact that
rpmsg_send() failed, so we will not get the "remote's" put().
I think that if you moved this call inside fastrpc_invoke_send() it's
relationship to the failing rpmsg_send() would be obvious.
Regards,
Bjorn
> goto bail;
> + }
>
> if (kernel) {
> if (!wait_for_completion_timeout(&ctx->work, 10 * HZ))
> --
> 2.21.0
>
next prev parent reply other threads:[~2020-05-12 1:19 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-11 16:29 [PATCH] misc: fastrpc: fix potential fastrpc_invoke_ctx leak Srinivas Kandagatla
2020-05-12 1:18 ` Bjorn Andersson [this message]
2020-05-12 10:42 ` Srinivas Kandagatla
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200512011810.GB57962@builder.lan \
--to=bjorn.andersson@linaro.org \
--cc=arnd@arndb.de \
--cc=dan.carpenter@oracle.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=srinivas.kandagatla@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.